Ledger Reveals Physical Exploits Against Trezor Hardware Wallets

The battle of the hardware wallets is heating up. At this weekend’s MIT Bitcoin Expo in Boston, Charles Guillmet, Chief Security Officer of Ledger, presented a number of physical attacks that could be executed against Trezor hardware wallets. He also outlined an attack on their rival’s device that Ledger has refrained from making public because it is not patchable.

Ledger CSO Runs a Train on Trezor

Like any self-respecting hardware wallet (HW) manufacturer, Ledger rigorously pen tests its own devices in search of potential vulnerabilities. The French firm’s Paris hacking lab, known as the “Ledger Donjon,” doesn’t just dissect its own wares: it also thoroughly attacks those of its fiercest rival, Trezor. While identifying and disclosing a competitor’s vulnerabilities might seem counterintuitive, it yields a brace of benefits, highlighting potential weaknesses in the opposition and emphasizing Ledger’s offensive prowess.

Within hours of Ledger CSO Charles Guillmet presenting at MIT Bitcoin Expo 2019, where he described the Trezor One, Trezor T, Keepkey, and B Wallet as “completely broken,” insisting there was “no way to fix” their security flaws, his employer published “Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities.” The article explains how “about four months ago we contacted Trezor to share five vulnerabilities our Attack Lab uncovered. As always, we gave Trezor a responsible disclosure period to work on these vulnerabilities, even granting them two extensions.”

With the disclosure period having now expired, Ledger proceeds to gleefully reveal what it found upon pen testing its rival’s devices.

4 Vulnerabilities Fully Disclosed

In total, Ledger claims to have found four major vulnerabilities in Trezor’s flagship wallets. The first of these concerns the “genuineness” of the device. Trezor HWs have previously been shown to be susceptible to cloning, prompting the company to improve its tamper-proof stickers and to provide guidelines on how to detect ersatz devices. Trezor’s response to this “vulnerability” was to point out that users will not be exposed to this risk provided they purchase devices directly from the Trezor website.

Fake Trezor on the left, authentic Trezor on the right

The second attack identified involved a weakness in the PIN number used to secure Trezor HWs. Ledger explained: “On a found or stolen device, it is possible to guess the value of the PIN using a Side Channel Attack.” This entails entering a random PIN and then measuring the power consumption of the device when it compares this code with the actual value of the PIN. “This measurement allows an attacker to retrieve the correct value of the PIN within only a few tries (less than 5 in our case),” reported Ledger. “We found that the PIN does not protect the funds against an attacker with physical access to the device.”

The final two vulns involve the confidentiality of the data stored within the devices, primarily the private key and the seed. This exploit, involving the flash memory, was deemed the most serious since “it can only be circumvented by overhauling the design of the Trezor One / Trezor T, and replacing one of its core components to incorporate a Secure Element chip, as opposed to the general purpose chip currently used.” Ledger continued:

This vulnerability can not be patched – for this reason, we have elected not to disclose its technical details. It could also be mitigated by users adding a strong passphrase to their device.

A fifth, less serious, vulnerability was also disclosed. Trezor released firmware security updates last week, which it acknowledged to have been discovered by Charles Guillemet and the Ledger Donjon team. It stressed that exploiting the vulnerabilities required physical access to the device, adding that there is no evidence to suggest “any of these vulnerabilities have ever been exploited outside of the lab to extract any data.” Last week, Twitter and Square CEO Jack Dorsey revealed that he had purchased a Trezor hardware wallet.

What are your thoughts on Ledger pen testing its rival’s devices? Let us know in the comments section below.

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.